2.8.0

What's new in v2.8.0 :

⚠️ An ORJSON bug was preventing Zircolite to work in some use case, binaries have been replaced.

• It is now possible to forward detected events to an ELK stack
• All events (and not only detected events) can be forwarded with --forwardall. You should note that it works very well with Splunk but can be problematic with ELK because of the automatic type mapping
• ORJSON has replaced the default JSON Python library. It brings a significant speedup in some cases
• There are now two files for Zircolite (only one is required), the zircolite.py file is formatted with Black
• Rules and docs have been updated

Known issues

• For users with an Apple Silicon computer : please use --noexternal to prevent the use of evtx_dump external binaries

⚠️ Some AV may not like the packaged binaries.
⚠️ The set of tests for windows binaries is far from being exhaustive, please create an issue if you encounter difficulties.

Full Changelog: 2.7.0...2.8.0